Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

On Thu, 2011-06-16 at 15:49 +0100, David Woodhouse wrote:
> AFAICT most Windows sites *don't* set a policy. They just use the
> standard Windows default of 10-hour/10-day tickets — because it
> doesn't
> really make any significant difference to Windows clients, does it?

They don't really need to because they can obtain a new ticket from
scratch every time you unlock the screensaver (to which you give your
password), which is what we do with sssd as well as the password goes
down the pipe through pam.

So the case where a 10h/10d policy is not enough is extremely rare.


Simo Sorce * Red Hat, Inc * New York

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]